Sites


A Site is a concept within AppGate ZTNA that is used to group some aspects of appliances' behavior together, mainly in respect of Gateways. It is also used with LogForwarders, Metrics Aggregators, and Connectors.

To make configuring a new Collective easier, a built-in default Site that uses EBR is already configured. For a new Collective you can just edit this default Site; to begin with, you may only want to add a DNS resolver and leave everything else at the default settings.

There are a number of different use cases for Sites:

  1. A Site is used to group Gateways together. They then share the work of provisioning access to the protected hosts in a subnet, geographical location, or business unit.

  2. Sites are used by the LogForwarder. Log records from one or more Sites can be consolidated together and forwarded.

  3. Sites are used by the Metrics Aggregator. Metrics from one or more Sites can be aggregated together for subsequent collection.

  4. sdpctl will use a Site as a means of knowing which Connectors operate as an HA pair and will upgrade them one at a time.

  5. The Express Connector must belong to a Site. This defines from where it will receive its down traffic from users.

The main use case is #1, as the Site provides the link between entitlements and the relevant Gateways that sit in front of those protected hosts. Knowing this link allows the client routing to be set up either:

  • Directly if using Site Based Routing (SBR)

or,

  • Indirectly if using Entitlement Based Routing (EBR)

For Sites with Gateways, the Site health is also displayed, which indirectly reflects the underlying health of the relevant Gateways.

Before you start

Gather the following information before creating a Site:

  • The network subnets for each Site (if using SBR)

  • Whether more than one Gateway will be assigned to this Site. See the High Availability section for background information.

  • An overall understanding of how and where user traffic will be routed.

  • Name resolver details, such as DNS resolver IP address or name resolver configuration details. See the DNS and name resolution section for more information.

  • An available and valid license for the new Site.

Pre-configure the following elements:

  • Trusted certificates. Any certificates required to use name resolvers should be added to Trusted Certificates.

Use the Sites page to:

  • View all the Sites you have configured in the Collective.

  • Configure new Sites. You can only add a new Site when there is a license available, otherwise you will see a warning. The default license only allows the use of two Sites.

  • Configure tunneling options. These will be the same for all Gateways added to the Site.

  • Specify the client routes (if using SBR) that direct traffic to the Site.

  • Edit the Built-in Default DNS Resolver for the Site.

  • Configure how host names or resource names (defined in entitlements) will be resolved by the Gateways.

  • Perform actions using the action buttons provided.

See the Configure Sites page when you are ready to create a Site.

Site Health Details

Clicking on the status in the Health column opens the Site Health Details window. The Site Health Details window displays the following:

  • Site health. Current health status of the Site.

  • Gateways. Health status of Gateways associated with the Site.

  • Sessions. Depending on the Site, the number of Relayed Sessions, Direct Sessions, or Direct Sessions via NAT Traversal will be displayed.

  • Connection Brokers. Connection Brokers associated with the Site and their health status.

  • View appliances related to this Site. This link takes you to a filtered list of appliances associated with the Site.

Action Buttons

Action buttons are accessed by clicking the three dots icon to the right of each line item in the page or from the <Actions> button within the item. They are contextual, changing depending on the type of item and the state of the item. The Action button in the Sites page displays the following option:

  • Test Name Resolvers. A test button is provided for each Site. Once the resolvers are configured for all Sites, you can test them. The syntax for testing the resolver will be the same as the syntax you use when you configure entitlement actions.

See the Configure Sites section for details about the fields in the Add/Edit Site page.